package xin.yangshuai.springsecurity01.controller;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import xin.yangshuai.common01.entity.BaseResult;
import xin.yangshuai.springsecurity01.model.SpringSecurityUser;
import xin.yangshuai.springsecurity01.service.SpringSecurityUserService;

import java.util.List;

@RestController
@RequestMapping("user")
public class SpringSecurityUserController {

    @Autowired
    private SpringSecurityUserService springSecurityUserService;

    @GetMapping("list")
    @PreAuthorize("hasRole('ADMIN') and authentication.name == 'admin'")
    public BaseResult<List<SpringSecurityUser>> list() {
        List<SpringSecurityUser> list = springSecurityUserService.list();
        BaseResult<List<SpringSecurityUser>> result = new BaseResult<>();
        result.setCode("200");
        result.setData(list);
        return result;
    }

    @PostMapping("add")
    // @PreAuthorize("hasRole('USER')")
    @PreAuthorize("hasAuthority('USER_ADD')")
    public BaseResult add(@RequestBody SpringSecurityUser springSecurityUser) {
        springSecurityUserService.saveUserDetais(springSecurityUser);
        BaseResult result = new BaseResult<>();
        result.setCode("200");
        return result;
    }
}
